Wednesday, February 18, 2015

HTTP/2 - What is it and what is new?

9 Things To Expect

1. Same HTTP APIs
Making HTTP/2 succeed means that it has to work with the existing Web. So, this effort is about getting the HTTP we already know onto the wire in a better way, not changing what the protocol means: methods, status codes, header fields and URIs stay the same, and only the framing underneath them changes.


2. Cheaper Requests
The Web performance community’s mantra is “avoid HTTP requests” because HTTP/1 makes them expensive. This has given rise to techniques like inlining, concatenation and spriting to reduce the number of requests on a page.

With HTTP/2, these techniques shouldn’t be necessary: many requests are multiplexed over one connection, and header compression removes most of the per-request overhead.


3. Network- and Server-Friendliness
HTTP/2 allows the use of a single, multiplexed connection per host, and encourages sites to consolidate their content on one host where possible.


4. Cache Pushing
HTTP/2’s “server push” allows a server to proactively send things to the client’s cache for future use. Pushed responses follow the normal cache rules, and a client that doesn’t want one can refuse it with RST_STREAM.

5. Being Able to Change Your Mind
HTTP/2 adds the RST_STREAM frame, which lets either endpoint abandon a single stream; if the browser navigates away from a page, or the user cancels a download, the client can stop that one response without tearing down the connection and without wasting bandwidth on bytes it no longer wants.

6. More Encryption
HTTP/2 doesn’t require you to use TLS (the successor to SSL, the Web’s encryption layer), but in practice the major browsers only speak HTTP/2 over TLS, and its higher performance makes encrypting everything easier to justify, since the protocol’s efficiency offsets the impact on how fast your site seems.

7. No More Text
One of the nice things about HTTP/1 is the ability to open up telnet, type in a request (if the server doesn’t time out!) and then look at the response. This won’t be practical in HTTP/2, because it’s a binary protocol. Why?

While binary protocols have lower overhead to parse, as well as a slightly lighter network footprint, the real reason for this big change is that binary framing is simpler to parse unambiguously, and therefore less error-prone: fixed-size fields leave no room for the whitespace, line-ending and header-folding quirks that make HTTP/1 parsers disagree with each other, which is exactly what request-smuggling attacks exploit.
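To make items 5 and 7 concrete, here is an added example (not part of the original post) that encodes and decodes the 9-byte HTTP/2 frame header, builds the RST_STREAM frame a client sends to cancel one stream, and checks the client connection preface. The constants, the frame layout and the RST_STREAM rules come from RFC 7540; the function names and the constructed sample bytes are this example’s own.

```python
import struct

# Frame type and error codes from RFC 7540 (the HTTP/2 specification).
FRAME_TYPE_RST_STREAM = 0x3
FRAME_TYPE_SETTINGS = 0x4
ERR_NO_ERROR = 0x0
ERR_PROTOCOL_ERROR = 0x1
ERR_FRAME_SIZE_ERROR = 0x6
ERR_CANCEL = 0x8

# Every client connection opens with this fixed 24-byte preface. It is
# deliberately not a valid HTTP/1 request line, so an HTTP/1-only server
# (or a person typing into telnet) fails fast instead of misreading frames.
CLIENT_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

FRAME_HEADER_LEN = 9
DEFAULT_MAX_FRAME_SIZE = 16384  # initial value of SETTINGS_MAX_FRAME_SIZE


class FrameError(Exception):
    """Carries the HTTP/2 error code a compliant receiver would respond with."""

    def __init__(self, code, message):
        super().__init__(message)
        self.code = code


def encode_frame(frame_type, flags, stream_id, payload):
    """Serialise one frame: 24-bit length, 8-bit type, 8-bit flags,
    1 reserved bit plus 31-bit stream identifier, then the payload."""
    if len(payload) > 0xFFFFFF:
        raise ValueError("payload exceeds the 24-bit length field")
    if stream_id > 0x7FFFFFFF:
        raise ValueError("stream identifier exceeds 31 bits")
    header = struct.pack(">I", len(payload))[1:]  # low three bytes of the length
    header += struct.pack(">BBI", frame_type, flags, stream_id)
    return header + payload


def rst_stream(stream_id, error_code=ERR_CANCEL):
    """Build the RST_STREAM frame a client sends to abandon one stream
    (a cancelled download, say) while the connection stays open."""
    if stream_id == 0:
        raise ValueError("RST_STREAM applies to a stream, never to the connection")
    return encode_frame(FRAME_TYPE_RST_STREAM, 0, stream_id, struct.pack(">I", error_code))


def decode_frame(data, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Parse one frame from the front of data and return
    (type, flags, stream_id, payload, remaining). The length checks run
    before the payload is touched, so a peer cannot use the length field
    to drive an oversized read or allocation."""
    if len(data) < FRAME_HEADER_LEN:
        raise FrameError(ERR_PROTOCOL_ERROR, "truncated frame header")
    length = int.from_bytes(data[0:3], "big")
    frame_type, flags, raw_stream = struct.unpack(">BBI", data[3:9])
    stream_id = raw_stream & 0x7FFFFFFF  # the top bit is reserved and ignored
    if length > max_frame_size:
        raise FrameError(ERR_FRAME_SIZE_ERROR, "declared length %d exceeds %d" % (length, max_frame_size))
    end = FRAME_HEADER_LEN + length
    if len(data) < end:
        raise FrameError(ERR_PROTOCOL_ERROR, "payload shorter than declared length")
    payload = data[FRAME_HEADER_LEN:end]
    if frame_type == FRAME_TYPE_RST_STREAM:  # type-specific rules, RFC 7540 section 6.4
        if stream_id == 0:
            raise FrameError(ERR_PROTOCOL_ERROR, "RST_STREAM on stream 0")
        if length != 4:
            raise FrameError(ERR_FRAME_SIZE_ERROR, "RST_STREAM payload must be 4 bytes")
    return frame_type, flags, stream_id, payload, data[end:]


def frame_error_code(data, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Return the error code a receiver would answer with, or ERR_NO_ERROR."""
    try:
        decode_frame(data, max_frame_size)
    except FrameError as exc:
        return exc.code
    return ERR_NO_ERROR


def parse_connection_start(data):
    """Consume the client preface and every complete frame after it; the first
    frame must be SETTINGS. Returns a list of (type, flags, stream_id, payload)."""
    if not data.startswith(CLIENT_PREFACE):
        raise FrameError(ERR_PROTOCOL_ERROR, "missing HTTP/2 client preface")
    rest = data[len(CLIENT_PREFACE):]
    frames = []
    while rest:
        frame_type, flags, stream_id, payload, rest = decode_frame(rest)
        frames.append((frame_type, flags, stream_id, payload))
    if not frames or frames[0][0] != FRAME_TYPE_SETTINGS:
        raise FrameError(ERR_PROTOCOL_ERROR, "first frame after the preface must be SETTINGS")
    return frames


if __name__ == "__main__":
    # Constructed sample: preface, an empty SETTINGS frame, then the client cancels stream 1.
    wire = CLIENT_PREFACE + encode_frame(FRAME_TYPE_SETTINGS, 0, 0, b"") + rst_stream(1)
    for frame_type, flags, stream_id, payload in parse_connection_start(wire):
        print("type=0x%x flags=0x%02x stream=%d payload=%s" % (frame_type, flags, stream_id, payload.hex()))
```

The RST_STREAM for stream 1 is just thirteen bytes (`00 00 04 03 00 00 00 00 01 00 00 00 08`), which is the whole point of item 5: cancelling costs one small frame, not a new TCP connection. The decoder deliberately rejects an over-long declared length and a malformed RST_STREAM with the specific error codes the spec prescribes, because an implementation that trusts the length field before checking it is the kind of bug a textual protocol never had to worry about in quite this form.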

8. It’ll Take Some Time to Get it Right
HTTP/2 isn’t magic Web performance pixie dust; you can’t drop it in and expect your page load times to decrease by 50%.

It’s more accurate to view the new protocol as removing some key impediments to performance; once browsers and servers learn how and when to take advantage of that, performance should start incrementally improving.

9. HTTP/3 and Beyond
HTTP/1.x has lasted for more than fifteen years; why would we be even considering HTTP/3 before HTTP/2 is done?

One of the big reasons that HTTP/2 took so long to arrive is that upgrading the protocol in the deployed infrastructure is really hard; there are lots of boxes out there that assume HTTP/1 will never change.

So, if the transition from HTTP/1 to HTTP/2 goes well, it should be a lot easier to introduce the next version, because we can reuse the same negotiation mechanism (ALPN inside the TLS handshake, or the HTTP/1.1 Upgrade header for cleartext) that we used for the first big hop.



The link below has more information:-

Monday, February 16, 2015

Ever heard of EQUATIONDRUG? It has nothing to do with drugs; it is an attack platform used to control compromised computers.


We install software from what we believe is a legitimate install CD, but if that CD has itself been compromised, how can we protect ourselves?

Researchers at Kaspersky Lab have uncovered a cyberespionage group that has been operating for at least 15 years and has worked with and supported the attackers behind Stuxnet, Flame and other highly sophisticated operations. 


Once a PC is compromised, the attackers install the EQUATIONDRUG attack platform, which is the main component from which further operations run. The platform includes a variety of modules and has an analog in another platform called GRAYFISH, which is an updated version of the attack framework.

Countries targeted by this group include Russia, Syria, Iran, Pakistan, China, Yemen, Afghanistan and India, but also the US and the UK, and several others.

GRAYFISH is the most highly evolved version of its attack infrastructure. The attackers began using this platform about seven years ago and have been improving it as they go.


The trump card for the Equation Group attackers is their ability to reprogram an infected machine’s hard drive firmware. This module, known only by a cryptic name, “nls_933w.dll”, essentially allows the attackers to reflash the HDD or SSD firmware with a custom payload of their own creation, which survives disk formatting and operating system reinstallation.


Fanny, the group’s USB worm, creates a hidden storage area on the stick. If it infects a computer without an internet connection, it collects basic system information and saves it into the hidden area of the stick. Later, when a stick containing hidden information is plugged into a Fanny-infected computer that does have an Internet connection, the data is scooped out of the hidden area and sent to the C&C.


Another incident included an installation CD for Oracle software that included a Trojan dropper for the Equation Group’s malware. This is a tactic that, through the Edward Snowden documents, has been attributed to operations conducted in the past by the National Security Agency.

The C&C infrastructure includes hundreds of domains in a number of countries, including the United States, the UK, Italy and Germany. 

“The scariest thing about them is that we don’t have any samples from 2014. So somewhere in 2013 these guys went off the radar,” one of the Kaspersky researchers said. “We have no idea what they did in 2014, which is very, very scary.”

The link below has more information:-